[svlug] Opening up ipchains for ipsec

Breen Mullins bpm at idiom.com
Thu May 1 12:53:06 PDT 2003

On Thu, 2003-05-01 at 12:06, Larry Colen wrote:
> The company I work at has the policy that employees can only access
> the network from offsite via company owned (read windows) hardware
> running the company vpn software (symantec/defender).
> It seems as if red4est is not allowing the packets through that it
> needs on ports 50 and 51. I'm not very well versed with ipchains and a
> quick rotfm isn't very illuminating.

Errm -- if this is an IPSec VPN, those aren't ports but protocols.

Try a rule like this:

-A input -s 0/0 -d 0/0 -p 50  -j ACCEPT

You'll probably also need a rule to allow 500/tcp for IKE to work:

-A input -s 0/0 -d 0/0 500 -p tcp -y -j ACCEPT

Breen Mullins
San Mateo, California

More information about the svlug mailing list